VinodKulkanri

  1. Hello, I couldn't uninstall ComboFix. It says Windows cannot find ComboFix. Shall I proceed with manually deleting these folders and continue running with OTL? Thanks
  2. I ran a Malwarebytes scan and also a McAfee scan. No threats detected. Looks like the system is running fine now. Thanks for your help. I really appreciate it. Thanks!!!
  3. Ran it. No threats found. I wasn't able to log in to gtalk for the last 4 days due to authentication issues. Looks like it is resolved now. Here is the MBAM quick scan report:
     Malwarebytes Anti-Malware 1.60.1.1000
     www.malwarebytes.org
     Database version: v2012.02.18.02
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 7.0.5730.13
     Administrator :: VINODK [administrator]
     2/17/2012 9:17:16 PM
     mbam-log-2012-02-17 (21-17-16).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 196290
     Time elapsed: 7 minute(s), 17 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  4. Hello MrC, I have attached the ComboFix.txt file.
  5. Here is the report:- Thanks,
  6. Here is the report of RogueKiller Scan. Thanks.
  7. Thanks MrCharlie!!. Below are the contents of the log.

     DDS Log: -
     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
     Run by Administrator at 20:07:15 on 2012-02-15
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.700 [GMT -5:00]
     .
     AV: McAfee® Security-as-a-Service Anti-virus *Disabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
     FW: McAfee® Security-as-a-Service firewall *Disabled*
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
     svchost.exe
     svchost.exe
     C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
     C:\WINDOWS\system32\spoolsv.exe
     c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
     svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
     C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     C:\Program Files\Intel\WiFi\bin\EvtEng.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     c:\PROGRA~1\mcafee\SITEAD~2\mcsacore.exe
     C:\WINDOWS\system32\mfevtps.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\system32\AESTFltr.exe
     C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
     C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
     C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     C:\WINDOWS\VM303_STI.EXE
     C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Windows Desktop Search\WindowsSearch.exe
     C:\Program Files\salesforce.com\Chatter Desktop\Chatter Desktop.exe
     C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
     C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\WINDOWS\system32\msiexec.exe
     C:\WINDOWS\system32\SearchProtocolHost.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.google.com/
     uInternet Settings,ProxyOverride = *.local;<local>
     uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~2\mcieplg.dll
     uURLSearchHooks: H - No File
     BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
     BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110913093132.dll
     BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~2\mcieplg.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~2\mcieplg.dll
     TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
     uRun: [Octoshape Streaming Services] "c:\documents and settings\administrator\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [nwiz] nwiz.exe /installquiet
     mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
     mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
     mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
     mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
     mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
     dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
     StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\chatte~1.lnk - c:\program files\salesforce.com\chatter desktop\Chatter Desktop.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
     LSP: mswsock.dll
     Trusted Zone: nuance.com
     Trusted Zone: nuance.com\bn-orclqaapp01
     Trusted Zone: //about.htm/
     Trusted Zone: //Exclude.htm/
     Trusted Zone: //FWEvent.htm/
     Trusted Zone: //LanguageSelection.htm/
     Trusted Zone: //Message.htm/
     Trusted Zone: //MyAgttryCmd.htm/
     Trusted Zone: //MyAgttryNag.htm/
     Trusted Zone: //MyNotification.htm/
     Trusted Zone: //NOCLessUpdate.htm/
     Trusted Zone: //quarantine.htm/
     Trusted Zone: //ScanNow.htm/
     Trusted Zone: //strings.vbs/
     Trusted Zone: //Template.htm/
     Trusted Zone: //Update.htm/
     Trusted Zone: //VirFound.htm/
     Trusted Zone: mcafee.com\*
     Trusted Zone: mcafeeasap.com\betavscan
     Trusted Zone: mcafeeasap.com\vs
     Trusted Zone: mcafeeasap.com\www
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
     DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/62.14/uploader2.cab
     DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.a123systems.com/CACHE/stc/1/binaries/vpnweb.cab
     DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276700372265
     DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
     DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://fw.acmepacket.com:4433/NELX.cab
     DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://www.member-data.com/rdc/EZTwainX.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
     DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://fwmia.mastec.com/CSHELL/extender.cab
     DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} - hxxp://devapp.a123systems.com:8004/jinitiator/oajinit.exe
     DPF: {CAFEEFAC-0011-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.1.0/jinstall-1_1_0-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://member.tvnsports.com/vjocx-en.cab
     DPF: {DD60442B-829E-4476-8B1B-AD13A5094AB7} - hxxps://bn-orclqaapp01.nuance.com:4001/OA_HTML/CRM/Download/RASWebControl.CAB
     DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} - hxxps://vpn.a123systems.com/CACHE/sdesktop/install/binaries/instweb.cab
     TCP: Interfaces\{84DA661C-FA0B-4814-8381-EE195D97DA1B} : DhcpNameServer = 216.41.101.15 204.17.65.2 198.6.100.25
     Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~2\McIEPlg.dll
     Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
     Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~2\McIEPlg.dll
     Notify: LMIinit - LMIinit.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath -
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-19 461864]
     R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-19 89624]
     R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2009-4-2 353672]
     R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-30 47640]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~2\mcsacore.exe [2011-1-18 88176]
     R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-4 166024]
     R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-4 160344]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-4 148520]
     R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2011-6-4 291064]
     R2 RumorServer;McAfee Peer Distribution Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2011-6-4 291064]
     R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2011-5-23 465872]
     R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-5-13 112128]
     R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-5-13 244368]
     R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-19 180008]
     R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-19 59288]
     R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-19 338040]
     R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 83688]
     R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [2009-10-21 22600]
     R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2009-4-2 129304]
     S0 cerc6;cerc6; [x]
     S0 mafesd;mafesd;c:\windows\system32\drivers\thikq.sys --> c:\windows\system32\drivers\thikq.sys [?]
     S2 BMFMySQL;BMFMySQL;"c:\program files\quest software\benchmark factory for databases\repository\mysql\bin\mysqld-max-nt.exe" --defaults-file="c:\program files\quest software\benchmark factory for databases\repository\mysql\my.ini" bmfmysql --> c:\program files\quest software\benchmark factory for databases\repository\mysql\bin\mysqld-max-nt.exe [?]
     S2 EngineServer;EngineServer;"c:\program files\mcafee\managed virusscan\vscan\engineserver.exe" --> c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [?]
     S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
     S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;"c:\program files\mcafee\siteadvisor enterprise\mcsacore.exe" --> c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [?]
     S2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];c:\oracle\bitoolshome_1\bin\ifsrv60.exe -start_service --> c:\oracle\bitoolshome_1\bin\ifsrv60.exe -start_service [?]
     S2 OracleReportServer-Rep60_VINODK-BIToolsHome6;Oracle Reports Server [Rep60_VINODK-BIToolsHome6];c:\oracle\bitoolshome_6\bin\rwmts60.exe --> c:\oracle\bitoolshome_6\bin\rwmts60.exe [?]
     S2 OracleReportServer-Rep60_VINODK;Oracle Reports Server [Rep60_VINODK];c:\oracle\bitoolshome_1\bin\rwmts60.exe --> c:\oracle\bitoolshome_1\bin\rwmts60.exe [?]
     S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2011-10-13 36624]
     S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2011-10-13 46480]
     S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 83688]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-19 87808]
     S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-5-13 34248]
     S3 OracleBIToolsHome_1ClientCache;OracleBIToolsHome_1ClientCache;c:\new oracle\bitoolshome_1\bin\ONRSD.EXE [2000-1-25 408568]
     S3 OracleBIToolsHome2ClientCache;OracleBIToolsHome2ClientCache;c:\oracle\bitoolshome_2\bin\onrsd.exe --> c:\oracle\bitoolshome_2\bin\ONRSD.EXE [?]
     S3 OracleBIToolsHome2ClientCache80;OracleBIToolsHome2ClientCache80;c:\oracle\bitoolshome_2\bin\onrsd80.exe --> c:\oracle\bitoolshome_2\bin\ONRSD80.EXE [?]
     S3 OracleBIToolsHome6ClientCache80;OracleBIToolsHome6ClientCache80;c:\oracle\bitoolshome_6\bin\onrsd80.exe --> c:\oracle\bitoolshome_6\bin\ONRSD80.EXE [?]
     S3 OracleClientCache80;OracleClientCache80;c:\oracle\product\10.2.0\bin\ONRSD80.EXE [2011-3-21 101136]
     S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
     S4 LMIRfsClientNP;LMIRfsClientNP; [x]
     .
     =============== Created Last 30 ================
     .
     2012-02-15 23:46:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
     2012-02-15 23:46:08 -------- d-----w- c:\windows\system32\wbem\Repository
     2012-02-15 23:45:39 -------- d--h--w- C:\VJVod_Cache
     2012-02-15 23:45:39 -------- d-----w- C:\New Folder
     2012-02-15 23:45:39 -------- d-----w- C:\AVATAR
     2012-02-15 23:45:30 -------- d-----w- C:\desktop
     2012-02-15 23:44:33 -------- d-----w- c:\program files\Sun
     2012-02-15 23:44:29 -------- d-----w- C:\Songs
     2012-02-15 23:44:29 -------- d-----w- C:\PHOTOS
     2012-02-15 23:43:35 -------- d-----w- c:\windows\system32\nagasoft
     2012-02-15 23:32:53 -------- d-----w- c:\documents and settings\administrator\application data\684AA
     2012-02-15 15:38:12 -------- d-----w- c:\program files\LP
     2012-02-14 15:31:30 -------- dc----w- c:\windows\ie7(2)
     2012-02-14 02:43:43 -------- d-----w- C:\RECYCLER(2)
     2012-02-13 19:58:00 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-02-13 19:44:16 -------- d-s---w- C:\ComboFix(2)
     2012-02-10 05:39:57 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sony Corporation
     2012-02-10 05:39:28 -------- d-----w- c:\program files\Sony
     2012-02-10 05:37:05 -------- d-----w- c:\documents and settings\all users\application data\Sony Corporation
     2012-01-20 18:53:27 -------- d-----w- c:\documents and settings\administrator\New Folder (2)
     .
     ==================== Find3M ====================
     .
     2011-12-28 20:32:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2011-12-28 20:32:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2011-12-28 20:32:13 0 ----a-w- c:\windows\system32\REN2C7.tmp
     2011-12-28 20:32:13 0 ----a-w- c:\windows\system32\REN2C6.tmp
     2011-12-21 06:12:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-12-05 16:01:29 0 ----a-w- c:\windows\system32\REN2D.tmp
     2011-12-05 16:01:29 0 ----a-w- c:\windows\system32\REN2C.tmp
     2011-11-20 14:20:34 0 ----a-w- c:\windows\svcs.exe
     .
     ============= FINISH: 20:08:20.31 ===============

     Attach Log: -
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2011-08-26.01)
     .
     Microsoft Windows XP Professional
     Boot Device: \Device\HarddiskVolume1
     Install Date: 12/15/2010 12:59:23 PM
     System Uptime: 2/15/2012 7:35:24 PM (1 hours ago)
     .
     Motherboard: Dell Inc. | | 0X564R
     Processor: Intel Pentium III Xeon processor | Microprocessor | 2393/266mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 149 GiB total, 91.437 GiB free.
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     ==== Installed Programs ======================
     .
     ==== Event Viewer Messages From Past Week ========
     .
2/12/2012 2:18:59 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 62 time(s). 2/12/2012 2:18:58 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 61 time(s). 2/12/2012 2:18:54 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 60 time(s). 2/12/2012 2:18:50 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 59 time(s). 2/12/2012 2:18:48 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 58 time(s). 2/12/2012 2:18:46 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 57 time(s). 2/12/2012 2:18:42 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 56 time(s). 2/12/2012 2:18:39 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 55 time(s). 2/12/2012 2:18:35 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 54 time(s). 2/12/2012 2:18:31 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 53 time(s). 2/12/2012 2:18:27 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 52 time(s). 2/12/2012 2:18:23 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 51 time(s). 2/12/2012 2:18:21 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 50 time(s). 2/12/2012 2:18:18 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 49 time(s). 
2/12/2012 2:18:14 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 48 time(s). 2/12/2012 2:18:10 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 47 time(s). 2/12/2012 2:18:07 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 46 time(s). 2/12/2012 2:18:03 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 45 time(s). 2/12/2012 2:18:00 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 44 time(s). 2/12/2012 2:17:56 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 43 time(s). 2/12/2012 2:17:52 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 42 time(s). 2/12/2012 2:17:49 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 41 time(s). 2/12/2012 2:17:44 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 40 time(s). 2/12/2012 2:17:41 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 39 time(s). 2/12/2012 2:17:37 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 38 time(s). 2/12/2012 2:17:34 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 37 time(s). 2/12/2012 2:17:32 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 36 time(s). 2/12/2012 2:17:30 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 35 time(s). 
2/12/2012 2:17:26 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 34 time(s). 2/12/2012 2:17:22 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 33 time(s). 2/12/2012 2:17:19 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 32 time(s). 2/12/2012 2:17:17 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 31 time(s). 2/12/2012 2:17:13 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 30 time(s). 2/12/2012 2:17:09 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 29 time(s). 2/12/2012 2:17:08 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 28 time(s). 2/12/2012 2:17:04 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 27 time(s). 2/12/2012 2:17:02 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 26 time(s). 2/12/2012 2:16:58 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 25 time(s). 2/12/2012 2:16:55 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 24 time(s). 2/12/2012 2:16:51 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 23 time(s). 2/12/2012 2:16:47 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 22 time(s). 2/12/2012 2:16:46 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 21 time(s). 
2/12/2012 2:16:43 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 20 time(s). 2/12/2012 2:16:40 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 19 time(s). 2/12/2012 2:16:38 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 18 time(s). 2/12/2012 2:16:34 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 17 time(s). 2/12/2012 2:16:32 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 16 time(s). 2/12/2012 2:16:29 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 15 time(s). 2/12/2012 2:16:25 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 14 time(s). 2/12/2012 2:16:21 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 13 time(s). 2/12/2012 2:16:18 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 12 time(s). 2/12/2012 2:16:14 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 11 time(s). 2/12/2012 2:16:10 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 10 time(s). 2/12/2012 2:16:08 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 9 time(s). 2/12/2012 2:16:04 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 8 time(s). 2/12/2012 2:16:00 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 7 time(s). 
2/12/2012 2:15:57 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 6 time(s). 2/12/2012 2:15:53 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 5 time(s). 2/12/2012 2:15:49 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 4 time(s). 2/12/2012 2:15:47 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s). 2/12/2012 2:15:44 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). 2/12/2012 2:15:16 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). 2/12/2012 2:11:20 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer AA-8MK56L1-HQ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CABDCE5D-F690-. The master browser is stopping or an election is being forced. 2/12/2012 12:55:00 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.11. The machine with the IP address 192.168.1.204 did not allow the name to be claimed by this machine. 
2/12/2012 12:30:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402 2/12/2012 12:30:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402 2/12/2012 1:30:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402 2/12/2012 1:30:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402 2/11/2012 9:55:01 PM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed. 2/11/2012 9:30:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402 2/11/2012 9:30:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402 2/11/2012 8:30:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402 2/11/2012 8:30:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402 2/11/2012 7:30:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402 2/11/2012 7:30:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402 2/11/2012 6:30:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402 2/11/2012 6:30:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402 2/11/2012 5:30:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402 2/11/2012 5:30:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402 2/11/2012 4:39:01 PM, error: Service Control Manager [7031] - The Cisco AnyConnect Secure 
Mobility Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 2/11/2012 4:30:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402 2/11/2012 4:30:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402 2/11/2012 3:30:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402 2/11/2012 3:30:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402 2/11/2012 2:30:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402 2/11/2012 2:30:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402 2/11/2012 12:30:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402 2/11/2012 12:30:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402 2/11/2012 11:30:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402 2/11/2012 11:30:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402 2/11/2012 11:30:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402 2/11/2012 11:30:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402 2/11/2012 11:23:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi 2/11/2012 10:30:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402 2/11/2012 10:30:00 PM, error: Schedule [7901] - The At45.job 
command failed to start due to the following error: %%2147942402 2/11/2012 1:30:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402 2/11/2012 1:30:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402 2/11/2012 1:17:28 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 2/10/2012 7:11:20 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool. 2/10/2012 10:30:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402 2/10/2012 10:30:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402 . ==== End Of File =========================== Thanks.
  8. Hello, I have run the dds.scr and am attaching the zip file which contains log files. Here are the issues I'm facing with my system. 1) I ran McAfee & Combofix and both reported that I'm infected with Rootkit.ZeroAccess 2) SVCHost.exe consumes a lot of memory, up to 1194287K 3) When I search anything in Google and open any link from search results, it redirects to unknown sites. Thanks Vin
  9. Hello, Looks like I'm infected with a virus. I'm able to log in to the system without any issues but I face the following issues while working 1) svchost.exe consumes a lot of memory, up to 1,214,956K. 2) When I search anything in Google and try to open a link from the search results it directs me to a new site like 'http://carpuma.com/feed.php?kwd=google&url=http%3A%2F%2Fwww.google.com%2F&aff=305'. I ran Malwarebytes & McAfee but both haven't identified any viruses in the system. Later on I ran Combofix and it said that I'm infected with rootkit.zeroaccess. It completed the scanning successfully but I'm not quite sure whether the virus is removed or still exists in the system. I have attached the log file of Combofix. Can anyone help me please? Thanks. TDSSKiller.2.4.5.1_13.02.2012_14.56.25_log.txt ComboFix.txt
  10. Following are the contents of Extras.txt file
  11. Following is the contents of OTL.txt
Settings\Satish\Desktop\exeHelper.com [2010/10/25 22:53:25 | 000,019,212 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_22_53_25.dmp [2010/10/25 22:46:47 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\Shortcut to winlogon.exe.lnk [2010/10/25 22:44:53 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk [2010/10/25 22:38:29 | 000,019,212 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_22_38_29.dmp [2010/10/25 22:24:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/25 22:06:40 | 000,019,212 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_22_6_40.dmp [2010/10/25 21:19:20 | 000,019,212 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_21_19_20.dmp [2010/10/25 18:57:30 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\Satish\rest.log [2010/10/25 18:50:30 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_18_50_30.dmp [2010/10/25 00:01:24 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_0_1_24.dmp [2010/10/24 23:53:16 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Satish\reset.log [2010/10/24 20:09:34 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_20_9_34.dmp [2010/10/24 19:55:39 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_19_55_39.dmp [2010/10/24 18:39:09 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_18_39_9.dmp [2010/10/24 18:16:42 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_18_16_42.dmp [2010/10/24 17:43:17 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_17_43_17.dmp [2010/10/24 17:10:40 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_17_10_40.dmp [2010/10/24 16:33:22 | 000,021,288 | ---- | C] () -- 
C:\WINDOWS\System32\nmesrvc_core_2010_10_24_16_33_22.dmp [2010/10/24 14:59:52 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_14_59_52.dmp [2010/10/24 12:19:35 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_12_19_35.dmp [2010/10/24 11:49:53 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_11_49_53.dmp [2010/10/19 20:52:58 | 079,219,637 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\Jhootha.Hi.Sahi.2010.HQ.MP3.320.Kbps.VBR.CD.Rips-CR.rar [2010/10/18 19:36:45 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_18_19_36_43.dmp [2010/10/16 18:35:09 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\DivX Movies.lnk [2010/10/16 18:32:56 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/10/13 08:04:44 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_13_8_4_44.dmp [2010/10/13 07:00:23 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_13_7_0_23.dmp [2010/10/08 09:41:05 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_8_9_41_4.dmp [2010/10/03 20:37:08 | 000,047,576 | ---- | C] () -- C:\Documents and Settings\Satish\My Documents\bookmarks.html [2010/09/26 19:44:14 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_9_26_19_44_12.dmp [2010/09/26 19:10:45 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_9_26_19_10_43.dmp [2010/09/23 14:56:57 | 000,036,943 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2010/09/21 07:53:42 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Satish\Application Data\winscp.rnd [2010/09/04 19:43:26 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll [2010/06/08 02:52:29 | 000,001,045 | ---- | C] () -- C:\WINDOWS\dis51usr.INI [2010/06/08 02:29:46 | 000,000,407 | ---- | C] () -- C:\WINDOWS\dis51adm.INI [2010/03/02 13:14:58 | 
000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010/02/03 00:25:41 | 000,044,600 | ---- | C] () -- C:\Documents and Settings\Satish\Application Data\EMWProf.log [2010/02/03 00:25:40 | 000,000,414 | ---- | C] () -- C:\Documents and Settings\Satish\Application Data\attsmiths.xml [2009/12/23 14:50:35 | 000,001,812 | ---- | C] () -- C:\WINDOWS\RSW.INI [2009/11/18 22:46:11 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/10/15 12:57:23 | 000,001,468 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll [2009/08/25 14:11:03 | 000,017,642 | ---- | C] () -- C:\Program Files\about.chm [2009/08/06 13:54:19 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/07/16 17:29:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2009/07/16 17:28:52 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll [2009/07/15 22:46:39 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\Satish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/14 20:21:49 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2009/07/14 20:21:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll [2009/07/14 08:12:40 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL [2009/07/14 08:12:40 | 000,080,624 | ---- | C] () -- C:\WINDOWS\System32\SH31W32.DLL [2009/07/13 20:29:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2009/07/13 20:29:06 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2009/07/13 14:58:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007/08/06 12:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2006/05/16 17:08:42 | 000,059,904 | ---- | C] () -- 
C:\WINDOWS\System32\zlib1.dll [2002/11/26 20:43:44 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT2X.DLL ========== LOP Check ========== [2009/07/13 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2009/08/25 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2010/08/12 16:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF [2010/09/04 19:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software [2010/09/08 08:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2009/08/25 16:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2010/02/03 00:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Aelita [2010/03/25 13:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\ATT Connect [2010/09/21 17:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Azureus [2010/06/17 14:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/09/19 19:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Downloaded Installations [2010/10/19 21:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\FileZilla [2010/06/25 17:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\GetRightToGo [2010/09/27 09:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Juniper Networks [2010/08/12 16:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Nitro PDF [2010/06/24 14:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Optio 
[2010/09/04 19:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Software [2010/10/06 21:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\SQL Developer [2010/04/01 13:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Subversion [2010/10/25 23:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\TeamViewer [2010/02/15 22:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\webex [2010/10/25 23:22:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job ========== Purity Check ========== < End of report >
  12. Hello Elise, Sorry.. The issue has re-occurred again. Please keep this thread as open. I have run RKUnhooker and following is the report. RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #2 ============================================== >Drivers ============================================== !!!!!!!!!!!Hidden driver: 0x8A489AEA ?_empty_? 1302 bytes 0x8A489EC5 unknown_irp_handler 315 bytes !!!!!!!!!!!Hidden driver: 0x8A582810 ?_empty_? 0 bytes ============================================== >Stealth ============================================== 0x891889E3 LDT (IN GDT of Core 1) Modification, Base+0xAA8, DPL_SYSTEM, Rpl : 3, Type: CallGate32, Core [1] 0x891889E3 LDT (IN GDT of Core 2) Modification, Base+0xAA8, DPL_SYSTEM, Rpl : 3, Type: CallGate32, Core [2] 0xB9F0B000 WARNING: suspicious driver modification [atapi.sys::0x8A489AEA] 0xB9F0B000 WARNING: Virus alike driver modification [atapi.sys], 98304 bytes I will paste the log files for OTL.exe. I'm unable to run combofix as the process gets terminated. Thanks, Vinod.
  13. Thanks Elise for your response. I just verified all the settings on my system and changed the LAN settings; fortunately the change in settings has resolved my issue. Everything is working properly now. Thanks for your help. You can close this topic now. Vinod.
  14. Hello, My system was infected with a virus and I have run exehelper and combofix to fix the issue. Fortunately the virus was removed but I'm unable to connect to the internet thereafter. I was able to connect to the wireless and able to ping the server... looks like the ethernet works fine. But when I open any webpage or Yahoo Messenger, it doesn't connect. However I was able to connect to the client network with VPN without any issues. I believe some sort of security is preventing the access. Can anyone help me? Thanks, Vinod.
  15. I have scanned my system with Malwarebytes and McAfee too.. no virus has been detected by either software. System Restore, Registry Editor and Folder Options are working fine now. Thanks much for your help.. How do I delete ComboFix?